source: trunk/cscrypt/sha/sha1.c@ 3181

Last change on this file since 3181 was 3181, checked in by dingo35, 10 years ago

Adding threadsafety FIXMEs, feel free to join checking..

  • Property svn:mime-type set to text/plain
File size: 8.3 KB
Line 
1//FIXME Not checked on threadsafety yet; after checking please remove this line
2/*
3SHA-1 in C
4By Steve Reid <sreid@sea-to-sky.net>
5100% Public Domain
6
7-----------------
8Modified 7/98
9By James H. Brown <jbrown@burgoyne.com>
10Still 100% Public Domain
11
12Corrected a problem which generated improper hash values on 16 bit machines
13Routine SHA1Update changed from
14 void SHA1Update(SHA_CTX* context, unsigned char* data, unsigned int
15len)
16to
17 void SHA1Update(SHA_CTX* context, unsigned char* data, unsigned
18long len)
19
20The 'len' parameter was declared an int which works fine on 32 bit machines.
21However, on 16 bit machines an int is too small for the shifts being done
22against
23it. This caused the hash function to generate incorrect values if len was
24greater than 8191 (8K - 1) due to the 'len << 3' on line 3 of SHA1Update().
25
26Since the file IO in main() reads 16K at a time, any file 8K or larger would
27be guaranteed to generate the wrong hash (e.g. Test Vector #3, a million
28"a"s).
29
30I also changed the declaration of variables i & j in SHA1Update to
31unsigned long from unsigned int for the same reason.
32
33These changes should make no difference to any 32 bit implementations since
34an
35int and a long are the same size in those environments.
36
37--
38I also corrected a few compiler warnings generated by Borland C.
391. Added #include <process.h> for exit() prototype
402. Removed unused variable 'j' in SHA1Final
413. Changed exit(0) to return(0) at end of main.
42
43ALL changes I made can be located by searching for comments containing 'JHB'
44-----------------
45Modified 8/98
46By Steve Reid <sreid@sea-to-sky.net>
47Still 100% public domain
48
491- Removed #include <process.h> and used return() instead of exit()
502- Fixed overwriting of finalcount in SHA1Final() (discovered by Chris Hall)
513- Changed email address from steve@edmweb.com to sreid@sea-to-sky.net
52
53-----------------
54Modified 4/01
55By Saul Kravitz <Saul.Kravitz@celera.com>
56Still 100% PD
57Modified to run on Compaq Alpha hardware.
58
59-----------------
60Modified 07/2002
61By Ralph Giles <giles@ghostscript.com>
62Still 100% public domain
63modified for use with stdint types, autoconf
64code cleanup, removed attribution comments
65switched SHA1Final() argument order for consistency
66use SHA1_ prefix for public api
67move public api to sha1.h
68*/
69
70/*
71Test Vectors (from FIPS PUB 180-1)
72"abc"
73 A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
74"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
75 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
76A million repetitions of "a"
77 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
78*/
79
80/* #define SHA1HANDSOFF */
81
82#ifdef HAVE_CONFIG_H
83#include "config.h"
84#endif
85
86#include <stdio.h>
87#include <string.h>
88
89#include "sha1.h"
90
91#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
92
93/* blk0() and blk() perform the initial expand. */
94/* I got the idea of expanding during the round function from SSLeay */
95/* FIXME: can we do this in an endian-proof way? */
96#if __BYTE_ORDER == __BIG_ENDIAN
97#define blk0(i) block->l[i]
98#else
99#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
100 |(rol(block->l[i],8)&0x00FF00FF))
101#endif
102#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
103 ^block->l[(i+2)&15]^block->l[i&15],1))
104
105/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
106#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
107#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
108#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
109#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
110#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
111
112
113#ifdef VERBOSE /* SAK */
114void SHAPrintContext(SHA_CTX *context, char *msg){
115 printf("%s (%d,%d) %x %x %x %x %x\n",
116 msg,
117 context->count[0], context->count[1],
118 context->state[0],
119 context->state[1],
120 context->state[2],
121 context->state[3],
122 context->state[4]);
123}
124#endif /* VERBOSE */
125
126/* Hash a single 512-bit block. This is the core of the algorithm. */
127void SHA1_Transform(uint32_t state[5], const uint8_t buffer[64])
128{
129 uint32_t a, b, c, d, e;
130 typedef union {
131 uint8_t c[64];
132 uint32_t l[16];
133 } CHAR64LONG16;
134 CHAR64LONG16* block;
135
136#ifdef SHA1HANDSOFF
137 static uint8_t workspace[64];
138 block = (CHAR64LONG16*)workspace;
139 memcpy(block, buffer, 64);
140#else
141 block = (CHAR64LONG16*)buffer;
142#endif
143
144 /* Copy context->state[] to working vars */
145 a = state[0];
146 b = state[1];
147 c = state[2];
148 d = state[3];
149 e = state[4];
150
151 /* 4 rounds of 20 operations each. Loop unrolled. */
152 R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
153 R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
154 R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
155 R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
156 R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
157 R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
158 R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
159 R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
160 R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
161 R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
162 R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
163 R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
164 R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
165 R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
166 R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
167 R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
168 R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
169 R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
170 R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
171 R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
172
173 /* Add the working vars back into context.state[] */
174 state[0] += a;
175 state[1] += b;
176 state[2] += c;
177 state[3] += d;
178 state[4] += e;
179
180 /* Wipe variables */
181 a = b = c = d = e = 0;
182}
183
184
185/* SHA1Init - Initialize new context */
186void SHA1_Init(SHA_CTX* context)
187{
188 /* SHA1 initialization constants */
189 context->state[0] = 0x67452301;
190 context->state[1] = 0xEFCDAB89;
191 context->state[2] = 0x98BADCFE;
192 context->state[3] = 0x10325476;
193 context->state[4] = 0xC3D2E1F0;
194 context->count[0] = context->count[1] = 0;
195}
196
197
198/* Run your data through this. */
199void SHA1_Update(SHA_CTX* context, const uint8_t* data, const size_t len)
200{
201 size_t i, j;
202
203#ifdef VERBOSE
204 SHAPrintContext(context, "before");
205#endif
206
207 j = (context->count[0] >> 3) & 63;
208 if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++;
209 context->count[1] += (len >> 29);
210 if ((j + len) > 63) {
211 memcpy(&context->buffer[j], data, (i = 64-j));
212 SHA1_Transform(context->state, context->buffer);
213 for ( ; i + 63 < len; i += 64) {
214 SHA1_Transform(context->state, data + i);
215 }
216 j = 0;
217 }
218 else i = 0;
219 memcpy(&context->buffer[j], &data[i], len - i);
220
221#ifdef VERBOSE
222 SHAPrintContext(context, "after ");
223#endif
224}
225
226
227/* Add padding and return the message digest. */
228void SHA1_Final(uint8_t digest[SHA_DIGEST_LENGTH], SHA_CTX* context)
229{
230 uint32_t i;
231 uint8_t finalcount[8];
232
233 for (i = 0; i < 8; i++) {
234 finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)]
235 >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */
236 }
237 SHA1_Update(context, (uint8_t *)"\200", 1);
238 while ((context->count[0] & 504) != 448) {
239 SHA1_Update(context, (uint8_t *)"\0", 1);
240 }
241 SHA1_Update(context, finalcount, 8); /* Should cause a SHA1_Transform() */
242 for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
243 digest[i] = (uint8_t)
244 ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
245 }
246
247 /* Wipe variables */
248 i = 0;
249 memset(context->buffer, 0, 64);
250 memset(context->state, 0, 20);
251 memset(context->count, 0, 8);
252 memset(finalcount, 0, 8); /* SWR */
253
254#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite its own static vars */
255 SHA1_Transform(context->state, context->buffer);
256#endif
257}
Note: See TracBrowser for help on using the repository browser.